Cisco Content Security Management Appliance M1070 User Guide
Chapter 11 Common Administrative Tasks
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Configuring Domain Name System Settings
You can configure the Domain Name System (DNS) settings for your Cisco
IronPort appliance through the Management Appliance > Network > DNS page in
the GUI, or via the dnsconfig command.
You can configure the following settings:
• Whether to use the Internet’s DNS servers or your own, and which server(s)
  to use
• Which interface to use for DNS traffic
• The number of seconds to wait before timing out a reverse DNS lookup
• Clearing the DNS cache
Specifying DNS Servers
AsyncOS can use the Internet root DNS servers, your own DNS servers, or the
Internet root DNS servers and authoritative DNS servers that you specify. When
using the Internet root servers, you may specify alternate servers to use for
specific domains. Because an alternate DNS server applies to a single domain, it
must be authoritative (provide definitive DNS records) for that domain.
AsyncOS supports “splitting” DNS servers when not using the Internet’s DNS
servers. If you are using your own internal server, you can also specify exception
domains and associated DNS servers.
When setting up “split DNS,” you should set up the in-addr.arpa (PTR) entries as
well. For example, if you want to redirect “.eng” queries to the nameserver 1.2.3.4
and all the .eng entries are in the 172.16 network, then you should specify
“eng,16.172.in-addr.arpa” as the domains in the split DNS configuration.
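The split DNS example above, worked through as an added Python sketch (not code from the guide or from AsyncOS): it derives the in-addr.arpa zone for a network and shows which server a lookup would go to with and without the reverse entry. The suffix-matching model in pick_server, the host names, the address 172.16.5.9 and the "default" label are assumptions constructed for illustration.

```python
import ipaddress

def reverse_zone(network: str) -> str:
    """in-addr.arpa zone for an IPv4 network that ends on an octet boundary."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8:
        raise ValueError("need an IPv4 /8, /16, /24 or /32 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def split_dns_domains(forward_domain: str, network: str) -> str:
    """Comma-separated domain list in the form the guide shows."""
    return f"{forward_domain.strip('.').lower()},{reverse_zone(network)}"

def ptr_name(ip: str) -> str:
    """Name queried for a reverse (PTR) lookup of ip."""
    return ipaddress.ip_address(ip).reverse_pointer

def pick_server(qname: str, split_map: dict, default: str) -> str:
    """Assumed model: longest suffix match on whole labels, else default."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        server = split_map.get(".".join(labels[i:]))
        if server:
            return server
    return default

if __name__ == "__main__":
    domains = split_dns_domains("eng", "172.16.0.0/16")
    print("domains to enter:", domains)
    full = {d: "1.2.3.4" for d in domains.split(",")}
    forward_only = {"eng": "1.2.3.4"}   # reverse zone forgotten
    # Constructed sample lookups: internal host, its PTR name, external name
    for name in ("build01.eng", ptr_name("172.16.5.9"), "www.example.com"):
        print(f"{name:28} full={pick_server(name, full, 'default'):8} "
              f"forward_only={pick_server(name, forward_only, 'default')}")
```

With only the forward domain configured, the PTR query for an internal address falls through to the default servers, which is the case the in-addr.arpa entry prevents.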
Multiple Entries and Priority
For each DNS server that you enter, you can specify a numeric priority. AsyncOS
attempts to use the DNS server with the priority closest to 0. If that DNS server is
not responding, AsyncOS attempts to use the server at the next priority. If you
specify multiple entries for DNS servers with the same priority, the system
randomizes the list of DNS servers at that priority every time it performs a query.
The system then waits a short amount of time for the first query to expire or “time
out” and then a slightly longer amount of time for the second, and so on. The